import config
import vdc
from hub import HubProps, Hub
from spoke import SpokeProps, Spoke
from pulumi import export
# The vdc module is configured through module-level attributes, so populate
# them from the stack configuration before any vdc function is called.
vdc.tags = config.default_tags
vdc.suffix = config.suffix
vdc.s = config.separator
vdc.location = config.location

# One resource group per stack; the hub and both spokes below are placed in it.
resource_group_name = vdc.resource_group(config.stack)
# Single hub per stack: gateways, firewall, DMZ, shared services and an
# optional bastion.
#
# Each subnet is a 3-tuple. The first element is presumably the subnet name;
# the two extra columns are reserved for future ASGs and how (or whether) Hub
# uses them is not visible from this file.
hub_subnets = [
    ("domain", "any", "any"),
    ("files", "any", "none"),
]

# NOTE(review): azure_bastion and forced_tunnel are passed straight through
# from stack config; they presumably control management access and the egress
# path, so confirm the intended value for each environment.
hub_props = HubProps(
    azure_bastion=config.azure_bastion,
    forced_tunnel=config.forced_tunnel,
    firewall_address_space=config.firewall_address_space,
    hub_address_space=config.hub_address_space,
    location=config.location,
    peer=config.peer,
    reference=config.reference,
    resource_group_name=resource_group_name,
    separator=config.separator,
    stack=config.stack,
    subnets=hub_subnets,
    suffix=config.suffix,
    tags=config.default_tags,
)

# "hub" is the stem of the child resource names (<4 chars).
hub = Hub("hub", hub_props)
# Spokes host the application environments, with optional bastion access.
#
# Subnet 3-tuples: the first element is presumably the subnet name; the two
# extra columns are reserved for future ASGs and are not interpreted in this
# file.
spoke1_subnets = [
    ("web", "any", "app"),
    ("app", "web", "db"),
    ("db", "app", "none"),
]

# spoke_address_space is drawn with next() from the shared config.stack_sn
# iterator, so the order in which spokes are declared decides which range
# each one receives.
spoke1_props = SpokeProps(
    azure_bastion=config.azure_bastion,
    fw_rt_name=hub.fw_rt_name,
    hub=hub,
    location=config.location,
    peer=config.peer,
    reference=config.reference,
    resource_group_name=resource_group_name,
    separator=config.separator,
    spoke_address_space=str(next(config.stack_sn)),
    subnets=spoke1_subnets,
    suffix=config.suffix,
    tags=config.default_tags,
)

# "s01" is the stem of the child resource names (<6 chars).
spoke1 = Spoke("s01", spoke1_props)
# Second application spoke, declared with the same subnet layout as "s01".
# Subnet 3-tuples: the first element is presumably the subnet name; the two
# extra columns are reserved for future ASGs and are not interpreted in this
# file.
spoke2_subnets = [
    ("web", "any", "app"),
    ("app", "web", "db"),
    ("db", "app", "none"),
]

# Takes the next range from the shared config.stack_sn iterator; this must run
# after the "s01" declaration for the two spokes to keep their current ranges.
spoke2_props = SpokeProps(
    azure_bastion=config.azure_bastion,
    fw_rt_name=hub.fw_rt_name,
    hub=hub,
    location=config.location,
    peer=config.peer,
    reference=config.reference,
    resource_group_name=resource_group_name,
    separator=config.separator,
    spoke_address_space=str(next(config.stack_sn)),
    subnets=spoke2_subnets,
    suffix=config.suffix,
    tags=config.default_tags,
)

# "s02" is the stem of the child resource names (<6 chars).
spoke2 = Spoke("s02", spoke2_props)
# Stack outputs that another stack needs in order to peer with this one.
# They are exported as plain (non-secret) outputs and, judging by their names,
# describe the network layout (address spaces, firewall IP, resource IDs), so
# anyone able to read this stack's outputs can see them.
stack_outputs = (
    ("dmz_ar", hub.dmz_ar),
    ("fw_ip", hub.fw_ip),
    ("hub_as", hub.address_space),
    ("hub_id", hub.id),
    ("s01_as", spoke1.address_space),
    ("s01_id", spoke1.id),
    ("s02_as", spoke2.address_space),
    ("s02_id", spoke2.id),
)
for output_name, output_value in stack_outputs:
    export(output_name, output_value)